fix: skip using the field element containing the proof-of-work (#343)

0xPolygonMiden · Nov 18, 2024 · 50dd6bd · 50dd6bd
1 parent ee20a49
commit 50dd6bd
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,7 @@
 ## 0.11.0 (2024-10-30)
 
 - [BREAKING] Updated Winterfell dependency to v0.10 (#338).
+- Fixed a bug in the implementation of `draw_integers` for `RpoRandomCoin` (#343).
 
 ## 0.11.0 (2024-10-17)
 

diff --git a/src/rand/rpo.rs b/src/rand/rpo.rs
@@ -145,8 +145,10 @@ impl RandomCoin for RpoRandomCoin {
         self.state[RATE_START] += nonce;
         Rpo256::apply_permutation(&mut self.state);
 
-        // reset the buffer
-        self.current = RATE_START;
+        // reset the buffer and move the next random element pointer to the second rate element.
+        // this is done as the first rate element will be "biased" via the provided `nonce` to
+        // contain some number of leading zeros.
+        self.current = RATE_START + 1;
 
         // determine how many bits are needed to represent valid values in the domain
         let v_mask = (domain_size - 1) as u64;